EIP-2026-116908

This exploit leverages DNS rebinding to bypass authentication in Blizzard Update Agent's JSON RPC server, allowing any website to send privileged commands to the agent running on localhost port 1120. The attack involves alternating DNS resolutions to bypass same-origin policy and execute commands such as installing or downloading files.